
1 PRIVACY AND INFORMATION SECURITY
2015 – STAFF TRAINING PRIVACY AND INFORMATION SECURITY

2 RESPECT FOR PRIVACY AND CONFIDENTIALITY

3 WHAT IS PROTECTED HEALTH INFORMATION (PHI)
The Privacy Rule protects all "individually identifiable health information" held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral. The Privacy Rule calls this information "protected health information (PHI)."

4 FREQUENTLY REPORTED HIPAA PRIVACY INCIDENTS
Medical record documents, billing statements and prescriptions being mailed or handed to the wrong patient.
Emails containing more than the minimum necessary patient Protected Health Information (PHI) sent in a format that is not secure.
Gossiping or sharing patient information with someone who is not authorized to know.
Staff or faculty accessing a co-worker’s or any other patient’s electronic medical record without a legitimate business purpose or written authorization is a privacy violation regardless of the reason and may trigger the federal breach notification requirements.
A staff or faculty member shares a User ID and Password that allows access to restricted systems and/or confidential information or PHI of others.

5 HOW TO AVOID HIPAA PRIVACY INCIDENTS
Access information only if you need it to do your job;
Share information only with others who need it to do their jobs;
Email only the minimum necessary amount of patient identifiable information (MRN, initials) or use FTA (File Transfer Application);
Use MHAV when communicating with a patient;
Speak where others (including patient family members and friends) cannot hear, if possible;
Confirm the identity of the patient is correct before accessing a patient record or handing over and mailing patient health information;
Allow the patient an opportunity to allow or not allow their friends or family members to hear any information discussed with them;
Never share your password or work under another’s password;
During the patient registration process, allow the patient to provide you pertinent information that will identify the patient: Date of Birth, Address, Last 4 of SSN. (Do not give them the information to confirm; instead have them provide it to you!);
Dispose of documents containing confidential information by shredding;
Consult with a CHIM (Center for Health Information Management) Release of Information staff member for questions concerning the release of patient information.

6 PHISHING
What is Phishing:
Phishing is a fraudulent attempt, usually made through email, to steal your personal information through fake websites that appear to belong to legitimate organizations, including Vanderbilt University Medical Center (VUMC).
How to Identify Phishing:
Phishing emails usually ask for your personal information such as a credit card number, social security number, account number, or password. Phishing emails will almost always tell you to click a link that takes you to a site where your personal information is requested. Legitimate organizations would not request this information from you via email.
VUMC has taken steps to decrease recent problems of phishing. As a reminder, if you receive a suspicious email or phone call, please report it to the Dell-staffed Vanderbilt IT Help Desk at (615) 343-HELP or the Tech Hub at (615)

7 PHISHING…Cont.
The following steps/tips can be used to avoid becoming a victim:
Always check the sender’s address, and be aware that phishers may forge the sender’s address to make it look as though it came from a legitimate organization, when in fact it did not. Bottom line: If you’re asked to reveal any personal information via email, you should not respond.
Do not click on links, photos or videos in these messages, as they may contain viruses and malware that can be installed on your computer. (This includes Facebook and other social networking messages, ads, videos and links.)
Remember: Vanderbilt employees are never asked to provide their user name and password via an email. If you think your User ID and/or Password have been compromised, change your password immediately.

8 FAXING OF PHI
Faxing PHI with the wrong patient information attached or sending PHI to the wrong fax number is the second most frequently reported HIPAA violation.
Faxing should only be used when there is a time-sensitive need to send/receive information and an alternative secure method (e.g., mail, courier service, web-based authentication system, secure file transfer, or telephone) does not exist or is not reasonable.
Prior to faxing to an external party (not available through a confirmed fax database), confirm the fax number is accurate with the individual making the request. Read-back of the fax number to the requestor is an acceptable method of confirming accuracy.
The Provider Communication Wizard utilizes a confirmed provider database and is the preferred mode for faxing patient information to and between providers.
Always use a Fax Cover Sheet and include a phone number for the recipient to contact you in case of a faxing error.
When confidential information is faxed in error, immediately inform the recipient to destroy the document and then notify the VUMC Privacy Office.

9 SOCIAL MEDIA
If you identify yourself in any online forum as a faculty/staff member of VUMC, you must make it clear you are not speaking for VUMC and that all submissions represent your own personal views and comments.
Social Media Sites (Facebook, Twitter, LinkedIn, Google+, etc.) and blog sites (WordPress, Blogger, LiveJournal, etc.) allow you to easily share information with your friends and the public. Never post patient protected health information or confidential information of any kind on social media or blog sites without written authorization from the patient. Remember: recognizable markings or body parts are PHI.

10 PATIENT PHOTOGRAPHY AND VIDEO IMAGING
VUMC may utilize Photography or Video Imaging of a patient for purposes of identification and patient care and treatment, or as otherwise authorized by the patient or the patient’s legal representative.
Patient Identifiable Photography is Protected Health Information (PHI), and use and disclosure of this PHI must comply with all Information Privacy and Security Policies for PHI.
Photography for purposes of patient care does not require additional consent beyond the standard Consent for Treatment. Photography for purposes other than patient care generally does require explicit consent.
Immediately upload patient photos to the EMR or another secure server. Immediately delete the image from the camera/device.
Do Not post Photography of patients in public areas, on internet websites, or blogs without written or documented verbal consent from the patient/legal representative prior to the posting.

11 THE PRIVACY OFFICE WILL DETERMINE WHETHER HIPAA PRIVACY VIOLATIONS REQUIRE BREACH NOTIFICATION AND REPORTING
What You Need to Do…
Report all suspected Breaches of Patient Health Information (PHI) to the Privacy Office.
Report all suspected Breaches of Employee Information (i.e. Social Security Number) to the Privacy Office.
Things You Need to Know…
Breach: The unauthorized acquisition, access, use, or disclosure of individually identifiable Personal Information or Protected Health Information that compromises the security or privacy of such information.
When breach notification is required, the individual whose information was breached must be notified and the incident must be reported to the Secretary of Health and Human Services. State of TN notification may be required when there is a security breach of unencrypted computerized data containing Personal Information (such as SSN).
The Breach Notification policy defines the procedures to be followed upon discovery of known or suspected incidents involving unauthorized acquisition, access, use or disclosure of PHI or computerized Personal Information so that appropriate notification requirements are satisfied.

12 Privacy and Information Security Policies
Policy Review: The following policies with implications for Privacy and Information Security have been updated and published for 2015 training. Review:
Patient Safety and Confidentiality: No Information, Security Risk, and Alias Designations – IM (October 2013)
Breach Notification: Unauthorized Access, Use, or Disclosure of Individually Identifiable Patient or Other Personal Information – IM (February 2014)
De-Identification of Protected Health Information and Use of a Limited Data Set – IM (February 2014)
Releasing Patient Information and Coordinating Access to Patients by External Law Enforcement Officials and Investigators – IM (April 2014)
Patient Requests to Restrict the Use and Disclosure of Information – IM (April 2014)
Cloud-Based Computing and Data Storage – IM (June 2014)
Protection and Security of RHI – IM (August 2014)

13 ALWAYS FORWARD PATIENT COMPLAINTS TO PATIENT RELATIONS
Contact One of the Following to Report Privacy and Information Security Incidents: ALWAYS FORWARD PATIENT COMPLAINTS TO PATIENT RELATIONS (615)
